Vulnerabilities > CVE-2007-0144 - Cross-Site Scripting vulnerability in Digitizing Quote and Ordering System Digitizing Quote and Ordering System 1.0

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
digitizing-quote-and-ordering-system
exploit available
NVD
Published: 2007-01-09
Updated: 2017-10-19

Summary

Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter.

Vulnerable Configurations

Part Description Count
Application
Digitizing_Quote_And_Ordering_System
1

Exploit-Db

descriptionQUOTE&ORDERING SYSTEM 1.0 (ordernum) Multiple Vulnerabilities. CVE-2006-6911,CVE-2007-0144. Webapps exploit for asp platform
fileexploits/asp/webapps/3089.txt
idEDB-ID:3089
last seen2016-01-31
modified2007-01-05
platformasp
port
published2007-01-05
reporterajann
sourcehttps://www.exploit-db.com/download/3089/
titleQUOTE&ORDERING; SYSTEM 1.0 ordernum Multiple Vulnerabilities
typewebapps

References